1 |
Ryan Curtin wrote: |
2 |
> Instead of using iptables, you may want to try DenyHosts |
3 |
> (app-admin/denyhosts). It's a simple Python script that parses through |
4 |
> /var/log/secure (or whatever your sshd logs to) and finds IPs who have |
5 |
> failed authentication a certain number of times, then adds those IPs to |
6 |
> /etc/hosts.deny. Naturally, the threshold for blocking a host can be |
7 |
> configured, and many other options can too. It's worked great for me, |
8 |
> and I've used it for about half a year now. |
9 |
> |
10 |
> The website for the DenyHosts project is: |
11 |
> http://denyhosts.sourceforge.net/ |
12 |
> |
13 |
> I hope that I read your question right and that this will help. |
14 |
> |
15 |
> Ryan Curtin |
16 |
> ryan@××××××××××××.com |
17 |
> |
18 |
> |
19 |
> |
20 |
|
21 |
Thanks, Ryan, but I really want to stick with the tar pit solution. I |
22 |
had already solved the real problem when I asked for help here. I want |
23 |
to play with the tar pit module for..let's say "academic purposes" ;-) |
24 |
|
25 |
Unfortunately I had no luck. Clean kernel, the latest patch-o-matic, the |
26 |
latest iptables and the same result. Obviously gentoo-sources is |
27 |
incompatible with tar pit module. ;-( |
28 |
|
29 |
I'm attaching here a file called "tarpit.txt" containing the commands I |
30 |
issued and the relevant output from them in hope that someone could show |
31 |
a mistake I'm repeating. |
32 |
|
33 |
-- |
34 |
Best regards, |
35 |
Daniel |